OpenXchangeClient.Api.SAML (open_xchange_client v0.10.1)
API calls for all endpoints tagged SAML.
Summary
Functions
Assertion Consumer Service
SAML 2.0 Assertion Consumer Service. Accepts <Response> messages of the Web Browser SSO Profile per HTTP-POST binding.
Initiate SAML 2.0 HTTP binding flows
Initiates any supported SAML 2.0 login and logout flow as described in https://documentation.open-xchange.com/latest/middleware/login/02_saml.html.
Metadata Service
SAML 2.0 Metadata Service. Provides an <EntityDescriptor> XML document describing the built-in service provider configuration.
Create App Suite session after SAML login flow
This API call is typically the result of a redirect created by the server. It does not need to be explicitly implemented by clients! After a successful SAML login flow, the client (web browser) is redirected to this endpoint, where the actual App Suite session gets created. As a result, the user gets redirected to https://<webmail-domain>/<login-path>#session=<session-id>. The redirect response has App Suite session cookies set.
Terminates an App Suite session after SAML logout flow
This API call is typically the result of a redirect created by the server. It does not need to be explicitly implemented by clients! After a successful SAML logout flow, the client (web browser) is redirected to this endpoint, where the actual App Suite session gets terminated. As a result, the user usually gets redirected to an environment-specific location, for example a portal page. The redirect response removes all App Suite session cookies.
Single Logout Service for Logout Requests
SAML 2.0 Single Logout Service. Accepts <LogoutRequest> messages from the IdP per HTTP-Redirect binding.
Single Logout Service for Logout Responses
SAML 2.0 Single Logout Service. Accepts <LogoutResponse> messages of the Single Logout Profile per HTTP-POST binding.
Functions
acs(connection, tenant, u_nknownbasetype, opts \\ [])
@spec acs(Tesla.Env.client(), String.t(), OpenXchangeClient.Model.UNKNOWN_BASE_TYPE.t(), keyword()) :: {:ok, nil} | {:error, Tesla.Env.t()}
Assertion Consumer Service
SAML 2.0 Assertion Consumer Service. Accepts <Response> messages of the Web Browser SSO Profile per HTTP-POST binding.
Parameters
- connection (OpenXchangeClient.Connection): Connection to server
- tenant (String.t): In a multi-tenant environment, where different tenants might connect to different identity providers, this parameter denotes the tenant to start a SAML flow for. In single-tenant environments this parameter is superfluous.
- u_nknownbasetype (UNKNOWN_BASE_TYPE):
- opts (KeywordList): [optional] Optional parameters
Returns
- {:ok, nil} on success
- {:error, Tesla.Env.t} on failure
init(connection, tenant, opts \\ [])
@spec init(Tesla.Env.client(), String.t(), keyword()) :: {:ok, nil} | {:ok, OpenXchangeClient.Model.InlineResponse2003.t()} | {:error, Tesla.Env.t()}
Initiate SAML 2.0 HTTP binding flows
Initiates any supported SAML 2.0 login and logout flow as described in https://documentation.open-xchange.com/latest/middleware/login/02_saml.html.
Parameters
- connection (OpenXchangeClient.Connection): Connection to server
- tenant (String.t): In a multi-tenant environment, where different tenants might connect to different identity providers, this parameter denotes the tenant to start a SAML flow for. In single-tenant environments this parameter is superfluous.
- opts (KeywordList): [optional] Optional parameters
  - :flow (String.t): One of login, relogin or logout to start the respective flow.
  - :session (String.t): Required for flow logout. A session ID to determine the correct session.
  - :redirect (String.t): Responds with 302 Found and sets the response header Location to the actual redirect URI.
Returns
- {:ok, nil} or {:ok, OpenXchangeClient.Model.InlineResponse2003.t} on success
- {:error, Tesla.Env.t} on failure
metadata(connection, tenant, opts \\ [])
@spec metadata(Tesla.Env.client(), String.t(), keyword()) :: {:ok, nil} | {:error, Tesla.Env.t()}
Metadata Service
SAML 2.0 Metadata Service. Provides an <EntityDescriptor> XML document describing the built-in service provider configuration.
Parameters
- connection (OpenXchangeClient.Connection): Connection to server
- tenant (String.t): In a multi-tenant environment, where different tenants might connect to different identity providers, this parameter denotes the tenant to start a SAML flow for. In single-tenant environments this parameter is superfluous.
- opts (KeywordList): [optional] Optional parameters
Returns
- {:ok, nil} on success
- {:error, Tesla.Env.t} on failure
saml_login(connection, token, opts \\ [])
@spec saml_login(Tesla.Env.client(), String.t(), keyword()) :: {:ok, nil} | {:error, Tesla.Env.t()}
Create App Suite session after SAML login flow
This API call is typically the result of a redirect created by the server. It does not need to be explicitly implemented by clients! After a successful SAML login flow, the client (web browser) is redirected to this endpoint, where the actual App Suite session gets created. As a result, the user gets redirected to https://<webmail-domain>/<login-path>#session=<session-id>. The redirect response has App Suite session cookies set.
Parameters
- connection (OpenXchangeClient.Connection): Connection to server
- token (String.t): A valid session reservation token
- opts (KeywordList): [optional] Optional parameters
  - :client (String.t): Identifier of the client using the HTTP/JSON interface. Default: Value of configuration property com.openexchange.ajax.login.http-auth.client
  - :client_user_agent (String.t): Parameter to override the user agent used for session creation. By default the User-Agent request header is evaluated.
  - :login_path (String.t): The login path to be set on the resulting Location response header as part of the redirect response. Default: Value of configuration property com.openexchange.UIWebPath.
  - :shard (String.t): Shard identifier to route the request accordingly
Returns
- {:ok, nil} on success
- {:error, Tesla.Env.t} on failure
saml_logout(connection, session, opts \\ [])
@spec saml_logout(Tesla.Env.client(), String.t(), keyword()) :: {:ok, nil} | {:error, Tesla.Env.t()}
Terminates an App Suite session after SAML logout flow
This API call is typically the result of a redirect created by the server. It does not need to be explicitly implemented by clients! After a successful SAML logout flow, the client (web browser) is redirected to this endpoint, where the actual App Suite session gets terminated. As a result, the user usually gets redirected to an environment-specific location, for example a portal page. The redirect response removes all App Suite session cookies.
Parameters
- connection (OpenXchangeClient.Connection): Connection to server
- session (String.t): App Suite session ID
- opts (KeywordList): [optional] Optional parameters
Returns
- {:ok, nil} on success
- {:error, Tesla.Env.t} on failure
sls_req(connection, tenant, s_aml_request, opts \\ [])
@spec sls_req(Tesla.Env.client(), String.t(), String.t(), keyword()) :: {:ok, nil} | {:error, Tesla.Env.t()}
Single Logout Service for Logout Requests
SAML 2.0 Single Logout Service. Accepts <LogoutRequest> messages from the IdP per HTTP-Redirect binding.
Parameters
- connection (OpenXchangeClient.Connection): Connection to server
- tenant (String.t): In a multi-tenant environment, where different tenants might connect to different identity providers, this parameter denotes the tenant to start a SAML flow for. In single-tenant environments this parameter is superfluous.
- s_aml_request (String.t): Base64 encoded SAML 2.0 <LogoutRequest> message.
- opts (KeywordList): [optional] Optional parameters
  - :sig_alg (String.t): Message signature algorithm ID
  - :signature (String.t): Message signature
  - :relay_state (String.t): Message exchange relay state
Returns
- {:ok, nil} on success
- {:error, Tesla.Env.t} on failure
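The s_aml_request, :sig_alg, :signature and :relay_state values of sls_req correspond to the query parameters of the SAML 2.0 HTTP-Redirect binding. The following is an added example, not code from open_xchange_client or Open-Xchange: it assumes the binding's standard DEFLATE encoding (the page itself only says Base64) and RSA-SHA256 as the signature algorithm, and the module name, sample XML, relay state and throwaway key are constructed for illustration.

```elixir
defmodule SamlRedirectExample do
  # Added illustration; module and function names are hypothetical.
  @rsa_sha256 "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

  # HTTP-Redirect binding encoding: raw DEFLATE (no zlib header), then Base64.
  def encode(xml), do: xml |> :zlib.zip() |> Base.encode64()

  # Reverse of encode/1, e.g. to log or inspect a received <LogoutRequest>.
  # :zlib.unzip/1 has no output size cap, so bound the input length first.
  def decode(saml_request) do
    with {:ok, deflated} <- Base.decode64(saml_request) do
      {:ok, :zlib.unzip(deflated)}
    end
  rescue
    _ -> :error
  end

  # The signature covers SAMLRequest[&RelayState]&SigAlg, in this order,
  # with URL-encoded values; the Signature parameter itself is excluded.
  def signed_octets(saml_request, relay_state, sig_alg) do
    [{"SAMLRequest", saml_request}, {"RelayState", relay_state}, {"SigAlg", sig_alg}]
    |> Enum.reject(fn {_name, value} -> is_nil(value) end)
    |> Enum.map_join("&", fn {name, value} -> name <> "=" <> URI.encode_www_form(value) end)
  end

  # Accept only the expected algorithm; any other SigAlg is rejected outright.
  def verify(saml_request, relay_state, @rsa_sha256 = sig_alg, signature, public_key) do
    with {:ok, sig} <- Base.decode64(signature) do
      signed_octets(saml_request, relay_state, sig_alg)
      |> :public_key.verify(:sha256, sig, public_key)
    else
      :error -> false
    end
  end

  def verify(_request, _relay_state, _sig_alg, _signature, _public_key), do: false

  # Round trip with a constructed message and a throwaway 2048-bit RSA key.
  def demo do
    xml = ~s(<samlp:LogoutRequest ID="_constructed" Version="2.0"/>)
    priv = :public_key.generate_key({:rsa, 2048, 65_537})
    pub = {:RSAPublicKey, elem(priv, 2), elem(priv, 3)}
    req = encode(xml)
    sig = signed_octets(req, "state-1", @rsa_sha256) |> :public_key.sign(:sha256, priv) |> Base.encode64()
    # A changed RelayState must fail verification, since it is part of the signed octets.
    {decode(req) == {:ok, xml}, verify(req, "state-1", @rsa_sha256, sig, pub),
     verify(req, "state-2", @rsa_sha256, sig, pub)}
  end
end
```

A receiver that has the raw query string should verify over those bytes as sent rather than over re-encoded values, because percent-encoding can legitimately differ between implementations.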
sls_resp(connection, tenant, u_nknownbasetype, opts \\ [])
@spec sls_resp(Tesla.Env.client(), String.t(), OpenXchangeClient.Model.UNKNOWN_BASE_TYPE.t(), keyword()) :: {:ok, nil} | {:error, Tesla.Env.t()}
Single Logout Service for Logout Responses
SAML 2.0 Single Logout Service. Accepts <LogoutResponse> messages of the Single Logout Profile per HTTP-POST binding.
Parameters
- connection (OpenXchangeClient.Connection): Connection to server
- tenant (String.t): In a multi-tenant environment, where different tenants might connect to different identity providers, this parameter denotes the tenant to start a SAML flow for. In single-tenant environments this parameter is superfluous.
- u_nknownbasetype (UNKNOWN_BASE_TYPE):
- opts (KeywordList): [optional] Optional parameters
Returns
- {:ok, nil} on success
- {:error, Tesla.Env.t} on failure